AMENDMENTS TO THE CLAIMS 



This listing of claims will replace all prior versions, and listings, of claims in the application:

Listing of Claims: 



1. (Currently amended) A computer controlled method in a provisioning device in a networked computer system comprising an execution mechanism configured to execute the method, the method comprising:
    establishing communication between the provisioning device and the network device over a preferred channel;
    exchanging key commitment information over said preferred channel between said provisioning device and said network device to pre-authenticate said network device; and
    providing provisioning information to said network device over said preferred channel, wherein the provisioning information comprises:
        a first set of provisioning information; and
        other provisioning information;
        wherein the first set of provisioning information is provided over the preferred channel and the other provisioning information is provided using a second channel, and
    whereby said network device can automatically configure itself for communication over a network responsive to said first and other provisioning information.

2. (Original) The computer controlled method of claim 1, wherein said provisioning information comprises network configuration information.

3. (Original) The computer controlled method of claim 1, further comprising
    receiving a public key from said network device;
    verifying said public key with said key commitment information; and
    automatically provisioning said network device with a credential authorized by a credential issuing authority.

4. (Original) The computer controlled method of claim 3, further comprising
    establishing proof that said network device is in possession of a private key corresponding to said public key.

5. (Original) The computer controlled method of claim 3, wherein said credential issuing authority is a certification authority and said credential is a public key certificate.

6. (Original) The computer controlled method of claim 3, wherein the step of automatically provisioning is responsive to authorization from a registration agent.

7. (Original) The computer controlled method of claim 1, wherein said preferred channel is a location-limited channel.

8. (Original) The computer controlled method of claim 1, wherein said preferred channel has a demonstrative identification property and an authenticity property.

9. (Original) The computer controlled method of claim 1, wherein the network is a wireless network, and wherein said provisioning device is a wireless access point.

10. (Original) The computer controlled method of claim 9, further comprising:
    receiving a wireless communication;
    determining whether said wireless communication originated from said network device or from a second network device that was not provisioned by said wireless access point; and
    routing said wireless communication responsive to the step of determining.

11. (Original) The computer controlled method of claim 10, wherein the step of routing comprises:
    choosing a selected channel from a secure channel and an insecure channel responsive to the step of determining; and
    sending said wireless communication through said selected channel.

12. (Original) The computer controlled method of claim 1, wherein said provisioning device is in communication with a credential issuing authority.

13. (Currently amended) A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method to provision a network device, the method comprising steps of:
    establishing communication between the provisioning device and said network device over a preferred channel;
    exchanging key commitment information over said preferred channel between said provisioning device and said network device to pre-authenticate said network device; and
    providing provisioning information to said network device over said preferred channel, wherein the provisioning information comprises:
        a first set of provisioning information; and
        other provisioning information;
        wherein the first set of provisioning information is provided over the preferred channel, and the other provisioning information is provided using a second channel, and
    whereby said network device can automatically configure itself for communication over a network responsive to said first and other provisioning information.

14. (Original) The computer-readable storage medium of claim 13, further comprising
    receiving a public key from said network device;
    verifying said public key with said key commitment information; and
    automatically provisioning said network device with a credential authorized by a credential issuing authority.

15. (Original) The computer-readable storage medium of claim 13, wherein the network is a wireless network, and wherein said provisioning device is a wireless access point.

16. (Currently amended) An apparatus for provisioning a network device comprising:
    at least one port configured to establish a preferred channel;
    a preferred communication mechanism configured to be able to establish communication with and said network device over said preferred channel;
    a pre-authentication mechanism configured to be able to receive key commitment information over said preferred channel from said network device; and
    a provisioning mechanism configured to be able to provide provisioning information to said network device over said preferred channel, wherein the provisioning information comprises:
        a first set of provisioning information; and
        other provisioning information;
        wherein the first set of provisioning information is provided over the preferred channel and the other provisioning information is provided using a second channel; and
    whereby said network device can automatically configure itself for communication over a network responsive to said first and other provisioning information.

17. (Original) The apparatus of claim 16, wherein said provisioning information comprises network configuration information.

18. (Original) The apparatus of claim 16, further comprising
    a key reception mechanism configured to receive a public key;
    a key verification mechanism configured to verify said public key with said key commitment information; and
    a credential provisioning mechanism configured to automatically provide a credential authorized by a credential issuing authority.

19. (Original) The apparatus of claim 18, further comprising a key exchange mechanism configured to be able to perform a key exchange protocol with said network device.

20. (Original) The apparatus of claim 18, wherein said credential issuing authority is a certification authority and said credential is a public key certificate.

21. (Original) The apparatus of claim 16, wherein said preferred channel is a location-limited channel.

22. (Original) The apparatus of claim 16, wherein the network is a wireless network, and the apparatus further comprises a wireless access point mechanism.

23. (Original) The apparatus of claim 22, further comprising:
    a packet receiver mechanism configured to receive a wireless communication;
    a determination mechanism configured to determine whether said wireless communication received by the packet receiver mechanism originated from said network device or from a second network device that was not provisioned by said wireless access point; and
    a router mechanism configured to route said wireless communication responsive to the determination mechanism.

24. (Original) The apparatus of claim 23, wherein the router mechanism further comprises:
    a channel selection mechanism configured to choose a selected channel from a secure channel and an insecure channel responsive to the determination mechanism; and
    a transmission mechanism configured to send said wireless communication through said selected channel.

25. (Original) The apparatus of claim 16, further comprising a non-preferred communication mechanism that can be used to communicate with a credential issuing authority.

26-66. (Canceled)